upvote

points

by manmal1 days ago |
comments
upvoteby theshrike791 days ago|
next
[-]
We have a legal contract with Anthropic

OpenClaw and OpenCode are open source projects with zero warranty and nobody to sue if they have a npm Trojan in them

reply
upvoteby lelanthran1 days ago|
parent|
next
[-]
> OpenClaw and OpenCode are open source projects with zero warranty and nobody to sue if they have a npm Trojan in them

When has any technology company been sued for pushing accidental malware in their updates?

The reality is that you have never had anyone to sue.

reply
upvoteby TeMPOraL23 hours ago|
parent|
[-]
Sure you did. But 99% of the time, you get the benefit of things that come with ability to sue - such as the vendor having a support team that's actually incentivized to respond to reports and deal with them quickly.
reply
upvoteby ahtihn1 days ago|
parent|
prev|
[-]
So you don’t use any other open source software at all then?

The risk with OpenClaw et al isn't that the software itself is compromised. The risk is that what it does is fundamentally insecure and Claude Code isn't any better

reply
upvoteby stingraycharles1 days ago|
parent|
next
[-]
That’s not the issue, the issue is that people are using their subscriptions (intended only for use with Anthropic products) with non-Anthropic products and this is simply Anthropic enforcing their ToS.
reply
upvoteby xp8422 hours ago|
parent|
prev|
next
[-]
Good point. When it comes to npm Trojans you’re probably more likely to find them in dumb and boring deps like Lpad.
reply
upvoteby TeMPOraL23 hours ago|
parent|
prev|
[-]
That's table stakes. LLMs are not like traditional software for fundamental reasons, and cannot be fully secured without destroying all value they provide.

Once again, despite everyone's protestations about not anthropomorphising things, LLMs are, to first approximation, best seen as little people on a chip. So with that in mind, it should be obvious why enterprise would prefer dealing with Anthropic's official products than OpenClaw - it's similar to contracting a team of software engineers from another well-known corporation and giving them keys to the castle, vs. inviting in any randos that show up at the door on any given day and can pass FizzBuzz test. Even if, in both cases, these turned out to be the same people, having an organizational/legal-level relationship changes the expectations and trust levels involved.

reply
upvoteby stingraycharles1 days ago|
prev|
next
[-]
Claude Desktop is an Anthropic product, Openclaw is not (their founder works for OpenAI even).

Anthropic wants you to use their subscription only for Anthropic products.

I don’t think the difference is that difficult to see.

reply
upvoteby manmal1 days ago|
parent|
next
[-]
Both teams ship at breakneck speed and both randomly regress. I don't see such a big difference. Claude now uses Claude by default to judge whether a tool call is sane or not. At least OC is transparent about the insanity of running bash commands unchecked.
reply
upvoteby croes1 days ago|
parent|
prev|
[-]
I guess parents point how dangerous OpenClaw is and that Claude Code is now similarly dangerous
reply
upvoteby 21 hours ago|
prev|
[-]
deleted
reply